Security & Compliance Program Manager

Payment Security & Compliance Program Manager - 10981

3 weeks ago Be among the first 25 applicants

Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.

• Pioneering Technology:
  At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.
• Collaborative Culture:
  We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.
• Global Impact:
  Join a company where your work has a global, measurable impact on our clients, the business, and each other.

Learn more on Life at Coupa blog and hear from our employees about their experiences working at Coupa.

We are seeking a highly technical and detail-oriented Payment Security & Compliance Program Manager to lead compliance and governance across our payment-related frameworks, including PCI DSS
, SWIFT CSCF
, and other payment assurance obligations. This role owns the scoping, readiness, documentation, control implementation tracking, and continuous compliance posture of all environments handling payment data and SWIFT-connected systems.

As the primary owner of Coupa’s payment security compliance programs, you will partner closely with Engineering, Cloud Operations, IAM, Product Security, and GRC teams to ensure technical controls are implemented properly, evidence is audit-ready, and all payment environments maintain a continuously mature and secure posture.

This is a hands‑on and highly technical role requiring a deep understanding of cloud infrastructure, logging and monitoring, IAM, segmentation, encryption, CI/CD, and secure operations.

• Own and manage end‑to‑end PCI DSS and SWIFT CSCF programs, including scope maintenance, control applicability, compensating controls, authoritative documentation, and annual assessment readiness.
• Operate continuous compliance and evidence management, maintaining a validated, audit‑ready evidence library in our GRC Platform with structured refresh cadences for all PCI/SWIFT controls.
• Provide scoping, segmentation, and architecture governance by partnering with Engineering and Cloud Ops to review CDE boundaries, trust zones, architectural changes, and enforce required technical controls.
• Monitor and validate technical security controls across IAM, encryption, segmentation, logging/monitoring, vulnerability management, and incident response; maintain control monitoring logs and drive hardening improvements.
• Lead internal‑facing audit support and remediation governance, partnering with QSA/CSCF assessors, preparing audit populations, managing walkthroughs, and driving remediation tracking, prioritization, and validated closure.
• Maintain system‑of‑record documentation and emerging standards readiness, ensuring PCI/SWIFT artifacts meet regulatory expectations while monitoring framework updates, leading impact analyses, and planning for new requirements.

• 5–8+ years of experience in security compliance, cloud security, technical audit, or payment security programs.
• Deep expertise in PCI DSS (ideally PCI DSS v4.0) with hands‑on experience supporting or preparing for QSA‑led assessments; SWIFT CSCF or other high‑security financial frameworks strongly preferred.
• Strong technical understanding of cloud platforms (AWS/Azure), IAM, encryption, logging/monitoring, network segmentation, and CI/CD pipelines.
• Proven success collaborating with engineering, cloud operations, SRE, and security engineering teams on control implementation and validation.
• Excellent documentation, governance, and process discipline, with the ability to drive multi‑team remediation and maintain ongoing compliance rigor.
• Experience…